Identity Security

Read all about identity security on the OctopusBlog!

True Cost of Password Based Authentication

By Amit Rahav | October 3rd, 2019 | Categories: Articles

Just because you don’t have to pay anything extra to buy this common form of authentication, it doesn’t mean that passwords are free. Far from it: quite often passwords end up costing enterprises much more than they bargained for. Although the cost of passwords rarely comes up in management meetings, authenticating identity using passwords is a significant expense for [...]

Air Gap Network Multi Factor Authentication

By Shimrit Tzur-David | August 20th, 2019 | Categories: Articles

Air gapping. It’s the ‘nuclear option’ of network security. By separating a machine from any other computer, managers can all but guarantee that it cannot be penetrated remotely. Air gapping, or network separation as it is often known, is the step taken by the serious neurotics among users or because the regulatory body you report to insists on it, those whom [...]

In Passwords We Trust! But Why?

By Amit Rahav | August 15th, 2019 | Categories: Articles

The most recent security baseline report from Microsoft has been making waves in the world of digital security. Experts at Microsoft assert that password-based authentication represents a basic risk to networks. “There’s no question that the state of password security is problematic and has been for a long time,” reads the post. “When humans pick their own passwords, too often they [...]

Every Password Matters – The PCM Case

By Amit Rahav | July 22nd, 2019 | Categories: Articles

Large tech companies like Microsoft and Google go to great lengths to secure their services and protect their customers’ accounts and identities. But what about the security of the partners and third parties that provide services on their behalf? A recent post on the famous cybersecurity blog KrebsOnSecurity unveiled a breach at PCM, a major California-based provider of technology products, [...]

How Poor Passwords Turned 50,000 Servers Into Cryptocurrency Miners

By Shimrit Tzur-David | June 26th, 2019 | Categories: Articles

In May, researchers from security firm Guardicore uncovered a massive campaign by Chinese hackers to break into online Windows servers and to infect them with cryptocurrency miners. Cryptominers are special malware that hijack the resources of the infected machine to solve complicated mathematical equations and collect cryptocurrency rewards. As explained by the security researchers, the hackers used sophisticated techniques along the [...]

The Verizon Breach Report – 4 Things Learned

By Shimrit Tzur-David | May 27th, 2019 | Categories: Articles

Telecom giant Verizon Wireless recently released their annual Data Breach Investigation Report for 2019. The Report lays out a data-driven assessment of threat trends and other stats on information-breach incidents over the previous year. Looking over the Report’s 78 pages, several important realities about the state of authentication security come to light. Stolen Passwords are Still #1 Threat The 2019 report [...]

What Passwordless Authentication Prevents?

By Shimrit Tzur-David | May 1st, 2019 | Categories: Articles

If we could sum up our message at Secret Double Octopus, it would be that password authentication is outdated and dangerous. While the general risks of weak authentication are well known, often users don’t quite understand the full implications of this threat. We therefore decided to use this post to provide a more comprehensive overview of all the vulnerabilities of passwords--and [...]

Solving Phishing from the Root

By Amit Rahav | April 3rd, 2019 | Categories: Articles

Spear phishing. It’s one of the more vicious methods used by today’s cyber criminals to compromise networks. Phishing-related attacks have been a favorite of the hacker’s toolkit for years. And these kinds of attacks are becoming more common and more sophisticated over time. What is Spear Phishing? In its most basic definition, phishing is an attempt to illicitly obtain [...]

Virtual Desktop (VDI) Authentication

By Amit Rahav | December 20th, 2018 | Categories: Articles

The Bring Your Own Device (BYOD) approach is highly embraced by organizations, connecting users to corporate networks to reduce costs or as an easy solution for remote workers. The main beneficiaries of the trend are Virtual Desktop Infrastructure (VDI) such as Citrix, VMware and Microsoft. For many organizations and companies, Virtual Desktops provide an interesting option to connect their employees to [...]

Password-Based Authentication: Vulnerabilities And Alternative Solutions

By Shimrit Tzur-David | December 5th, 2018 | Categories: Articles

The password has been the staple of authentication for years. While passwords are still very much a part of our information technology landscape, they have been on the decline for more than a decade. “There is no doubt that over time, people are going to rely less and less on passwords,” adding that passwords “just don’t meet the challenge for anything [...]

VPN MFA – The Gateway to the Kingdom

By Amit Rahav | November 22nd, 2018 | Categories: Articles

Enterprises have long used Virtual Private Networks (VPN) to protect their systems and provide a secure work environment. In today’s dynamic business climate, VPNs have become even more essential. Private networks are now commonly used for organizations that want to give their employees remote, unfettered access to their private servers. With the security and flexibility they provide, it’s no wonder why [...]

The UN Unexpected Example of Poor Password Management

By Amit Rahav | October 4th, 2018 | Categories: Articles

A couple weeks ago, we covered the West Australian government’s security audit here on the Octopus Blog. The section of the governmental audit’s research into cyber security practices unveiled some pretty disturbing facts. Given the opportunity, users will choose the most obvious, easiest to guess passwords, leaving them wide-open targets for cyber criminals. While the size and scope of this phenomenon [...]

Certificates and Inherit Trust

By Shimrit Tzur-David | September 23rd, 2018 | Categories: Articles

On the Octopus Blog, we’ve delved quite a bit into the vulnerabilities of contemporary encryption standards. The system of Public Key Infrastructure (PKI) which forms the basis of most of the world’s authentication platforms, while presenting a powerful, easy to use encryption model, still left several holes through which attackers can breach networks and steal identities. Perhaps the single biggest problem [...]